Fixed bug #11621: XSS vulnerabilities in workspace module
[Packages/TYPO3.CMS.git] / typo3 / wizard_table.php
old mode 100755 (executable)
new mode 100644 (file)
index 2471316..3331109
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2009 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -318,9 +318,8 @@ class SC_wizard_table {
                                $tce->process_datamap();
 
                                        // If the save/close button was pressed, then redirect the screen:
-                               if ($_POST['saveandclosedok_x'])        {
-                                       header('Location: '.t3lib_div::locationHeaderUrl($this->P['returnUrl']));
-                                       exit;
+                               if ($_POST['saveandclosedok_x']) {
+                                       t3lib_utility_Http::redirect($this->P['returnUrl']);
                                }
                        }
                } else {        // If nothing has been submitted, load the $bodyText variable from the selected database row:
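Review bot: The redirect target `$this->P['returnUrl']` is handed to `t3lib_utility_Http::redirect()` with no check that it points back into this installation. Where `P` is populated is outside the hunk, but if it is taken from request parameters, the save-and-close step becomes an open redirect. Restricting the value to a local URL before the call, with a fixed backend URL as the fallback when the check fails, would close that. The removed `exit;` is only safe if `redirect()` terminates the script itself, which this hunk does not show; a comment on the call such as `// redirect() sends the Location header and exits` would keep the control flow obvious. The enclosing method starts and ends outside the hunk.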
@@ -360,7 +359,7 @@ class SC_wizard_table {
                                        if ($this->inputStyle)  {
                                                $cells[]='<input type="text"'.$this->doc->formWidth(20).' name="TABLE[c]['.(($k+1)*2).']['.(($a+1)*2).']" value="'.htmlspecialchars($cellContent).'" />';
                                        } else {
-                                               $cellContent=eregi_replace('<br[ ]?[\/]?>',chr(10),$cellContent);
+                                               $cellContent=preg_replace('/<br[ ]?[\/]?>/i',chr(10),$cellContent);
                                                $cells[]='<textarea '.$this->doc->formWidth(20).' rows="5" name="TABLE[c]['.(($k+1)*2).']['.(($a+1)*2).']">'.t3lib_div::formatForTextarea($cellContent).'</textarea>';
                                        }
 
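Review bot: The textarea branch depends entirely on `t3lib_div::formatForTextarea()` to HTML-encode `$cellContent`, while the input branch two lines above calls `htmlspecialchars()` directly. The helper's body is not part of this hunk, so whether it escapes `<`, `>` and `&` is an assumption to confirm, and it matters because the `<br>` replacement runs before it. A one-line comment above the `$cells[]` assignment would record the dependency: `// formatForTextarea() is the only HTML-encoding applied to the cell content; keep it as the last step before output`. The enclosing loop starts and ends outside the hunk.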
@@ -664,22 +663,13 @@ class SC_wizard_table {
        }
 }
 
-// Include extension?
+
 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/wizard_table.php']) {
        include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/wizard_table.php']);
 }
 
 
 
-
-
-
-
-
-
-
-
-
 // Make instance:
 $SOBE = t3lib_div::makeInstance('SC_wizard_table');
 $SOBE->init();